Vulnerabilities exist in how they process PNG and TIFF images for rendering on the BlackBerry smartphone.
Successful exploitation of any of these vulnerabilities might allow an attacker to gain access to and execute code on the BlackBerry Enterprise Server. Depending on the privileges available to the configured BlackBerry Enterprise Server service account, the attacker might also be able to extend access to other non-segmented parts of the network.
The issue affects the following software versions:
- BlackBerry® Enterprise Server version 5.0.1 through 5.0.3 MR2 for Microsoft Exchange
- BlackBerry® Enterprise Server version 5.0.1 through 5.0.3 MR2 for IBM Lotus Domino
- BlackBerry® Enterprise Server version 4.1.7 and version 5.0.1 through 5.0.1 MR3 for Novell GroupWise
- BlackBerry® Enterprise Server Express version 5.0.1 through 5.0.3 for Microsoft Exchange
- BlackBerry® Enterprise Server Express version 5.0.2 and 5.0.3 for IBM Lotus Domino
BlackBerry Enterprise Server version 5.0.3 MR3 and later for Microsoft Exchange and IBM Lotus Domino are not affected, neither are the actual BlackBerry smartphones.